1. Installing GnuPG

On various Linux flavors it is apparently available by default. On macOS we can install it with Homebrew:

brew install gpg

2. Generate Keys

I strongly recommend not using the short version --gen-key because by default it uses the RSA algorithm, which does not allow key signing. I recommend using --full-generate-key with the kind "DSA and Elgamal" to generate the pair of keys (public key and private key). You will be required to enter a password; this password will be required every time a message needs to be decrypted, because decryption uses your private key.

Export private key

Import public key

To simply import the key we can use the --import command.

gpg --import OTHERID.pub.gpg

HOWEVER, at this point using this new key to decrypt something will lead to warnings because the key is not verified, not trusted, not checked, etc. Please make sure you have the right key (check the fingerprint) and trust it. For a full conceptual explanation see the official docs here and here.

Import private key

We use the same --import command. gpg will recognize whether the key is private or public :)

gpg --import blake.secret.gpg
# (type password)

To see the list of private keys in the keyring:

gpg --list-secret-keys

Asymmetric encryption and decryption

Asymmetric cryptography means the message is encrypted with the public key and decrypted with the private key that is paired with that public key. This means the sender cannot decrypt the message; only the receiver can decrypt it (unless, of course, the message was sent to self).

Encrypt a file

To asymmetrically encrypt a file we need to have the public key of the receiver in the keyring.

We can skip the --armor or -a option to have encrypted files in binary format.
Not recommended, but we can skip the --sign or -s option to not sign it.
If --local-user or -u is skipped then the default key will be used.

Decrypt a file

To asymmetrically decrypt a file we must have the private key that corresponds to the public key that was used at encryption time.
To decrypt and verify the signature:

gpg --output file.doc --decrypt file.doc.gpg

This command requires two things to succeed:

A kind of key able to sign (RSA does not do it, that is why I suggested using the DSA and Elgamal kind).

Option --sign or -s should be passed at encryption time.

Not recommended, but if you need to skip signature verification:

gpg --output file.doc --skip-verify --decrypt file.doc.pgp
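
An added example (not part of the original page): a shell check over gpg's --status-fd output that accepts a decrypted file only when it carries a valid signature from the fingerprint checked after importing the sender's key. The status lines and fingerprint are constructed samples, and check_status and write_sample are names chosen for this example.

```shell
#!/bin/sh
# Added example. Capture gpg's machine-readable status lines with:
#   gpg --status-fd 3 --output file.doc --decrypt file.doc.gpg 3>status.txt

# check_status STATUS_FILE EXPECTED_FPR
# Returns 0 only if the file was decrypted AND carries a valid signature
# made by the key whose fingerprint is EXPECTED_FPR (hex, spaces allowed).
check_status() {
    status_file=$1
    expected=$(printf '%s' "$2" | tr -d ' ' | tr 'abcdef' 'ABCDEF')
    [ -n "$expected" ] || { echo "reject: no expected fingerprint given"; return 1; }

    # A bad, unverifiable, expired-key or revoked-key signature is fatal.
    if grep -Eq '^\[GNUPG:\] (BADSIG|ERRSIG|NO_PUBKEY|EXPKEYSIG|REVKEYSIG) ' "$status_file"; then
        echo "reject: signature is bad or could not be verified"; return 1
    fi
    if ! grep -q '^\[GNUPG:\] DECRYPTION_OKAY' "$status_file"; then
        echo "reject: decryption did not complete"; return 1
    fi
    # VALIDSIG: field 3 is the signing (sub)key fingerprint, the last field
    # the primary key fingerprint. An unsigned message has no VALIDSIG line.
    if awk -v fp="$expected" '
            $1 == "[GNUPG:]" && $2 == "VALIDSIG" && ($3 == fp || $NF == fp) { ok = 1 }
            END { exit !ok }' "$status_file"; then
        echo "accept: decrypted and signed by $expected"; return 0
    fi
    echo "reject: no valid signature from $expected"; return 1
}

# Constructed sample status output (not captured from a real gpg run).
# write_sample FILE signed|unsigned|tampered
write_sample() {
    fpr=0123456789ABCDEF0123456789ABCDEF01234567   # constructed fingerprint
    {
        echo "[GNUPG:] BEGIN_DECRYPTION"
        case $2 in
            signed)
                echo "[GNUPG:] GOODSIG 89ABCDEF01234567 Blake (constructed) <blake@example.org>"
                echo "[GNUPG:] VALIDSIG $fpr 2024-01-01 1704067200 0 4 0 17 8 00 $fpr" ;;
            tampered)
                echo "[GNUPG:] BADSIG 89ABCDEF01234567 Blake (constructed) <blake@example.org>" ;;
        esac
        echo "[GNUPG:] DECRYPTION_OKAY"
        echo "[GNUPG:] END_DECRYPTION"
    } > "$1"
}
```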

Symmetric Encryption

Encrypt a file (Symmetric encryption)

Symmetric encryption requires just a password. Anyone with this password should be able to decrypt the file.